...
The authentication method used by JBoss is defined in
| Code Block |
|---|
<JBoss>/server/default/conf/login-config.xml
|
In the quickstart, the connection to ApacheDS is defined in login-config.xml by <application-policy name="bedeworkdemo">. The web applications are configured to use a particular application-policy in cal.properties:
| Code Block |
|---|
org.bedework.app.webapp.security.domain=bedeworkdemo
|
...
- Download the CAS Java Client
- Unzip the file and copy the CAS client to Bedework:## unzip cas-client-3.1.10-release.zip## cd cas-client-3.1.10/modules## cp cas-client-core-3.1.10.jar <qs>/jboss-5.1.0.GA/common/lib/
Add a CAS filter to each application that requires a log in (eventsubmit, ucal, caladmin).
Do caladmin last; you may want access to it while you are debugging this procedure. The files to edit are:
Code Block <qs>/bedework/projects/webapps/websubmit/war/WEB-INF/web.xml <qs>/bedework/projects/webapps/webclient/war/WEB-INF/userweb.xml <qs>/bedework/projects/webapps/webadmin/war/WEB-INF/web.xmlIn each file, add the lines in the code box below replacing the URLs with those that work at your site. The CAS filter must come BEFORE any other filters. Also, delete any and all of the following elements:
- <security-role-ref>
- <security-constraint>
- <security-role>
(optionally) Point the logout buttons on the Bedework clients that have them (Admin Client, Personal Calendar Client, Submissions Client) at your CAS server by editing the corresponding stylesheets. For example, in the Submissions Client (<quickstart>/bedework/deployment/websubmit/webapp/resources/demoskins/default/default/default.xsl), change the logout "span" to look something like this:
Code Block <span class="logout"> <a href="https://yourserver:8443/cas/logout?service=http%3A%2F%2Fyourserver%2Feventsubmit%2F" id="bwLogoutButton"> <xsl:copy-of select="$bwStr-Hedr-Logout"/> </a> </span>- build Bedework
CAS Filters:
| Code Block |
|---|
<filter> <filter-name>CAS Authentication Filter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>https://myCasServer/login</param-value> </init-param> <init-param> <param-name>service</param-name> <param-value>http://myclient/</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://myBedeworkServer</param-value> </init-param> </filter> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https:/myCasServer/cas</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://myBedeworkServer</param-value> </init-param> </filter> <filter> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> </filter> <filter-mapping> <filter-name>CAS Authentication Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> <filter-name>CAS Sign-Out Filter</filter-name> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> </filter> <filter-mapping> <filter-name>CAS Sign-Out Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> </listener> |